Errors inserting into database

  • abramfas
    New Member
    • May 2013
    • 9

    Errors inserting into database

    Code:
    <?php
    session_start();
    $connection=mysqli_connect("localhost","root","root","") or die("Error Connecting to Database");
    //$db = mysql_select_db("database") or die("Error Selecting Database");
    if (!$connection) //if not connection
    {
    echo "could not connect";
    }
    else
    {  //authenticate inputs	
    	if (isset($_POST['submit']))
    	{
    		$tit=$_POST['tittle'];
    		$sname=$_POST['surname'];
    		$onames=$_POST['othernames'];
    		$uname=$_POST['username'];
    		$pword=$_POST['password'];
    		
    	
    		$query="INSERT INTO `sear`  VALUES (NULL, '$tit', '$sname','$onames','$uname', '$pword')";
    		$result=$connection->query($query) or die("Error Uploading to Datatbase");
    		if ($result)
    		{
    			$query="SELECT * FROM `staff` WHERE `username`='$username' AND `password`='$password'";
    			$result=$connection->query($query);
    			if ($result)
    			{
    			$resultArray=$result->fetch_assoc();
    			$username=$resultArray['username'];
    			$password=$resultArray['password'];
    			echo $username;
    			
    			$query="INSERT INTO `admia`  VALUES (NULL,'$username', '$password')";
    			$result=$connection->query($query);
    				if ($result)
    				{
    				echo "</br>";	
    				echo "acccount was successfully created";
    				
    				}
    			}
    		}
    		
    		// else
    		// {
    			// header ('Location:register-staff.php?Message=0');
    		// }
    	}	//$username=$_SESSION['username'];
    	
    }
    	
    ?>
  • abramfas
    New Member
    • May 2013
    • 9

    #2
    I have issues at the point where it is supposed to insert into the database... it flags an error "error uploading to the database". Can you guys help me... Thanks

    Comment

    • Rabbit
      Recognized Expert MVP
      • Jan 2007
      • 12517

      #3
      What is the SQL error that it gave you? The generic error message you put in is not helpful.

      Comment

      • Luuk
        Recognized Expert Top Contributor
        • Mar 2012
        • 1043

        #4
        Why did you comment out line #4?

        Comment

        • Atli
          Recognized Expert Expert
          • Nov 2006
          • 5062

          #5
          There are two major red flags in that INSERT statement.

          First, you are injecting user input directly into the SQL query. That's just begging for trouble. In old-school MySQL API code you would escape the user input before doing this, but since you are using MySQLi you should be using Prepared Statements. This also applies to your other two queries.

          And second, your INSERT statement is not specifying the fields it is inserting into. MySQL supports statements without field lists, but it is highly encouraged to specify the fields anyway. This protects your code from future schema changes and other such issues.
          Code:
          /* BAD! */
          INSERT INTO `tbl` 
          VALUES(NULL, 'val1', 'val2');
          
          /* Good */
          INSERT INTO `tbl`(`field1`, `field2`) 
          VALUES('val1', 'val2');
          In the second example, the NULL is removed because - presumably - that is meant to trigger MySQL to generate an AUTO_INCREMENT number for the ID field. It'll do that by default if the ID field is not included in the INSERT statement, so it's not needed.

          Comment
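Added example, not code from any poster in this thread: the registration insert rewritten along the lines of reply #5, with MySQLi prepared statements and an explicit field list, and with the driver's real SQL error logged as reply #3 asks. The database name `mydb`, the user `app_user`, the `DB_PASS` environment variable, and the column names (including `id`) are assumptions.

```php
<?php
// Added example, not the original poster's code. Assumed (not in the thread):
// database `mydb`, user `app_user`, env var DB_PASS, and the column names.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors throw

function register_user(mysqli $db, array $in): int
{
    // Explicit field list; the AUTO_INCREMENT id column is simply left out.
    $stmt = $db->prepare(
        'INSERT INTO `sear` (`title`, `surname`, `othernames`, `username`, `password`)
         VALUES (?, ?, ?, ?, ?)'
    );
    // Not discussed in the thread: store a hash rather than the raw password.
    $hash = password_hash($in['password'], PASSWORD_DEFAULT);
    // Bound values travel separately from the SQL text, so a quote is just data.
    $stmt->bind_param('sssss', $in['tittle'], $in['surname'],
        $in['othernames'], $in['username'], $hash);
    $stmt->execute();
    return (int) $db->insert_id;
}

function find_username(mysqli $db, int $id): ?string
{
    // The follow-up SELECT gets the same treatment: placeholder, then bind.
    $stmt = $db->prepare('SELECT `username` FROM `sear` WHERE `id` = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($username);
    return $stmt->fetch() ? $username : null;
}

if (isset($_POST['submit'])) {
    foreach (['tittle', 'surname', 'othernames', 'username', 'password'] as $f) {
        if (!isset($_POST[$f]) || !is_string($_POST[$f]) || $_POST[$f] === '') {
            http_response_code(400);
            exit('Missing field: ' . $f);
        }
    }
    try {
        $db = new mysqli('localhost', 'app_user', getenv('DB_PASS') ?: '', 'mydb');
        $db->set_charset('utf8mb4');
        $id = register_user($db, $_POST);
        echo 'Account created for ', htmlspecialchars((string) find_username($db, $id));
    } catch (mysqli_sql_exception $e) {
        // Log the real SQL error for the developer; show the visitor a generic one.
        error_log('DB error ' . $e->getCode() . ': ' . $e->getMessage());
        http_response_code(500);
        echo 'Error uploading to database';
    }
}
```

The logged exception message names the failing table, column or syntax position, while the visitor still sees only the generic text.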
